jenspfahl
commented
1 year ago When you export the vault you can choose whether to include the encrypted master key in the export file or not. If included, you don't need to worry about exporting the encrypted master key separately. This would be the convenient way. Since the encrypted master key is encrypted with pin and master password it should be sufficiently secure to do this way. Brute forcing pin and password should nearly be impossible. Exporting the key separately would only make sense if you fear your vault file and your master password could be leaked. Consider it as an option, not as a must.
goshuberto
Hi again, I was just wondering if you could explain why you chose to make the master key exportable, and indeed why it need be backed up at all. It just seems rather complex to have to backup four separate items (vault, password, pin, key). I realise that you have implemented reminders to prompt users what to backup and when but I wonder how many can appreciate the difference between an encryption key and a password that they did not get to choose themselves.
Surely the simplest implementation is that the key is programmatically derived from a combination of password and pin, with the processing time/resource cost of the derivation algorithm an effective mitigation against brute force attack. When I want to unlock my vault I enter the pin and the password, wait a few seconds, and Viola! Now, if I loose everything and restore my vault from backup, I need only my password, my pin and a few seconds to derive the key. I just can't see how there is any benefit to having to backup the key, or how this makes it any more secure.